1 files changed, 159 insertions, 0 deletions
diff --git a/tools/logsigner.c b/tools/logsigner.c
new file mode 100644
index 00000000..f6887696
--- /dev/null
+++ b/tools/logsigner.c
@@ -0,0 +1,159 @@
+/* This is a tool for offline signing logfiles via the guardtime API.
+ * 
+ * NOTE: this currently is only a PoC and WiP! NOT suitable for
+ *       production use!
+ *
+ * Current hardcoded timestamper (use this if you do not have an
+ * idea of which one else to use):
+ *    http://stamper.guardtime.net/gt-signingservice
+ * Check the GuardTime website for the URLs of nearest public services.
+ *
+ * Copyright 2013 Adiscon GmbH
+ *
+ * This file is part of rsyslog.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *       -or-
+ *       see COPYING.ASL20 in the source distribution
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either exprs or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+#include <stdlib.h>
+#include <stdio.h>
+#include <errno.h>
+#include <string.h>
+#include <gt_base.h>
+#include <gt_http.h>
+
+#include "librsgt.h"
+
+
+#if 0
+void
+outputhash(GTDataHash *hash)
+{
+	int i;
+	for(i = 0 ; i < hash->digest_length ; ++i)
+		printf("%2.2x", hash->digest[i]);
+	printf("\n");
+}
+
+void
+timestampIt(GTDataHash *hash)
+{
+	int r = GT_OK;
+	GTTimestamp *timestamp = NULL;
+	unsigned char *der = NULL;
+	char *sigFile = "logsigner.TIMESTAMP";
+	size_t der_len;
+
+	/* Get the timestamp. */
+	r = GTHTTP_createTimestampHash(hash,
+		"http://stamper.guardtime.net/gt-signingservice", &timestamp);
+
+	if(r != GT_OK) {
+		fprintf(stderr, "GTHTTP_createTimestampHash() failed: %d (%s)\n",
+				r, GTHTTP_getErrorString(r));
+		goto done;
+	}
+
+	/* Encode timestamp. */
+	r = GTTimestamp_getDEREncoded(timestamp, &der, &der_len);
+	if(r != GT_OK) {
+		fprintf(stderr, "GTTimestamp_getDEREncoded() failed: %d (%s)\n",
+				r, GT_getErrorString(r));
+		goto done;
+	}
+
+	/* Save DER-encoded timestamp to file. */
+	r = GT_saveFile(sigFile, der, der_len);
+	if(r != GT_OK) {
+		fprintf(stderr, "Cannot save timestamp to file %s: %d (%s)\n",
+				sigFile, r, GT_getErrorString(r));
+		if(r == GT_IO_ERROR) {
+			fprintf(stderr, "\t%d (%s)\n", errno, strerror(errno));
+		}
+		goto done;
+	}
+	printf("Timestamping succeeded!\n");
+done:
+	GT_free(der);
+	GTTimestamp_free(timestamp);
+}
+
+
+void
+sign(const char *buf, const size_t len)
+{
+	int r;
+	GTDataHash *hash = NULL;
+
+	printf("hash for '%s' is ", buf);
+	r = GTDataHash_create(GT_HASHALG_SHA256, (const unsigned char*)buf, len, &hash);
+	if(r != GT_OK) {
+		fprintf(stderr, "GTTDataHash_create() failed: %d (%s)\n",
+				r, GT_getErrorString(r));
+		goto done;
+	}
+	outputhash(hash);
+	timestampIt(hash); /* of course, this needs to be moved to once at end ;) */
+done:	GTDataHash_free(hash);
+}
+#endif
+
+void
+processFile(char *name)
+{
+	FILE *fp;
+	size_t len;
+	char line[64*1024+1];
+	gtctx ctx = NULL;
+	
+	ctx = rsgtCtxNew((unsigned char*)"SIGFILE", GT_HASHALG_SHA256);
+	sigblkInit(ctx);
+	if(!strcmp(name, "-"))
+		fp = stdin;
+	else
+		fp = fopen(name, "r");
+
+	while(1) {
+		if(fgets(line, sizeof(line), fp) == NULL) {
+			if(!feof(fp))
+				perror(name);
+			break;
+		}
+		len = strlen(line);
+		if(line[len-1] == '\n') {
+			--len;
+			line[len] = '\0';
+		}
+		//sign(line, len);
+		sigblkAddRecord(ctx, (unsigned char*)line, len);
+	}
+
+	if(fp != stdin)
+		fclose(fp);
+	sigblkFinish(ctx);
+	rsgtCtxDel(ctx);
+}
+
+
+int
+main(int argc, char *argv[])
+{
+	rsgtInit("rsyslog logsigner " VERSION);
+	processFile("-");
+	rsgtExit();
+	return 0;
+}